An engineer must configure AAA on a Cisco 9800 WLC for central web authentication. Which two commands are needed to accomplish this task? (Choose two.)
An engineer must configure AAA on a Cisco 9800 WLC for central web authentication. Which two commands are needed to accomplish this task? (Choose two.)
To configure AAA on a Cisco 9800 WLC for central web authentication, the commands required are used to enable RADIUS dynamic authorization and to allow AAA override for the specific WLAN. The command 'aaa server radius dynamic-author' enables RADIUS dynamic authorization which is essential for Change of Authorization (CoA). The command 'config wlan aaa-override enable <wlan-id>' is needed to enable AAA override for the specified WLAN, making it possible to customize authentication and authorization settings. These commands are fundamental to set up central web authentication effectively on a Cisco 9800 WLC.
Anwser AD. Réf: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.pdf
ref: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html Here is the relevant part of the configuration of the WLC that corresponds to this example: aaa new-model ! aaa authorization network CWAauthz group radius aaa accounting identity CWAacct start-stop group radius ! aaa server radius dynamic-author client <ISE-IP> server-key cisco123 ! aaa session-id common ! ! radius server ISE-server address ipv4 <ISE-IP> auth-port 1812 acct-port 1813 key cisco123 ! ! (check the rest in the URL) so: ANS: AD
Configures the Change of Authorization (CoA) on the controller. # aaa server radius dynamic-author Specifies a RADIUS client and the RADIUS key to be shared between a device and a RADIUS client. # client 123.123.134.112 server-key 0 SECRET
Going through elimination I think the answer is AD
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-14/config-guide/b_wl_17_14_cg/m_vewlc_central_web_authentication.html Configuring AAA for Central Web Authentication
B, C and E does not exist in a 9800 WLC ???????-WLC#configure ? confirm Confirm replacement of running-config with a new config file memory Configure from NV memory network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP network host replace Replace the running-config with a new config file revert Parameters for reverting the configuration terminal Configure from the terminal <cr> <cr>
A & D are correct
C and D are the answers
To configure AAA on a Cisco 9800 WLC for central web authentication, you’ll need the following two commands: Device(config)# aaa server radius dynamic-author: This command enables the RADIUS dynamic authorization feature and enters dynamic authorization local server configuration mode1. (Cisco Controller) > config wlan aaa-override enable <wlan-id>: This command enables AAA override for a specific WLAN, allowing you to apply custom authentication, authorization, and accounting (AAA) settings for that WLAN1. Remember to adjust the <wlan-id> placeholder with the actual WLAN ID you want to configure. These commands will help you set up central web authentication effectively on your Cisco 9800 WLC. 🛡️
A, C is OK https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/central-web-authentication.html
C and E. You will never see A on a wireless controller CLI. That’s a Switch/Router.
Or maybe it should be A and B actually..
From Cisco A and E are correct. Step 1 aaa server radius dynamic-author Example: Device(config)# aaa server radius dynamic-author Configures the Change of Authorization (CoA) on the controller. Step 2 client ISE-IP-add server-key radius-shared-secret Example: Device(config-locsvr-da-radius)# client 123.123.134.112 server-key 0 SECRET
A and E (In my Opinion) A - configures the WLC to use RADIUS for dynamic authorization (correct) B - diables AAA override (central web auth, we should want AAA override) C - configures a RADIUS accounting server (logging, not used for authentication) D - appears to be configuring a local RADIUS server on device, rather then setting up central web auth. E - enables AAA override for the WLAN, allowing WLC to use AAA for client authentication/authorization
- Okay, yeah - I'm not sure of this one :( - forgive me